#!/bin/bash
#
# Script by Amalie
# Do not edit
# This script must be run as root

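# Interactive helper that appends (-A) or deletes (-D) an ACCEPT rule for one
# port in the custom TCP or UDP iptables chain, persists the resulting rule
# set, and appends the applied command to a log script under /root.
#
# Operator input ends up in a command executed as root, so it is validated
# strictly and the command is built as an argument array instead of a string
# that is re-parsed with eval.

ERROR=0
CMD=()
MESSAGE=""

echo ""
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ports listening (netstat -plnt) v"
sudo netstat -plnt
echo ""
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ports forwarded (iptables -L -n) v"
sudo iptables -L -n
echo ""

# Modifying rules and writing /etc/iptables and /root need root. Stop here
# instead of failing part-way through and still reporting success.
if (( EUID != 0 )); then
    echo "Error: This script must be run as root." >&2
    exit 1
fi

echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Modify ports below:"
echo "Script for adding or removing ports in Iptables:"
echo ""
echo "Type 'add' or 'drop' or 'cancel':"
read -r addordrop
echo ""

# Digits only (leading zeros tolerated); anything else is rejected before it
# can reach arithmetic evaluation or the iptables command line.
port_re='^0*[0-9]{1,5}$'

case "$addordrop" in
    add | drop)
        if [[ "$addordrop" == "add" ]]; then
            rule_flag="-A"
            verb="Added"
        else
            rule_flag="-D"
            verb="Dropped"
        fi

        echo "type 'tcp' or 'udp':"
        read -r tcporudp
        echo ""
        echo "Enter port number:"
        read -r portnumber
        echo ""

        if [[ "$portnumber" =~ $port_re ]] && (( 10#$portnumber <= 65535 )); then
            # Normalise to plain decimal so the value that was range-checked
            # is exactly the value handed to iptables.
            portnumber=$((10#$portnumber))
            case "$tcporudp" in
                tcp | udp)
                    chain=${tcporudp^^}
                    CMD=(iptables "$rule_flag" "$chain" -p "$tcporudp" --dport "$portnumber" -j ACCEPT)
                    MESSAGE="$verb $chain port $portnumber"
                    ;;
                *)
                    echo "Error: Unknown parameter."
                    ERROR=1
                    ;;
            esac
        else
            echo "Error: Port out of range."
            ERROR=1
        fi
        ;;
    cancel)
        echo "Cancelling script..."
        ERROR=1
        ;;
    *)
        echo "Error: Unknown parameter."
        ERROR=1
        ;;
esac

if [ "$ERROR" -eq 0 ]; then
    # Run the argument vector directly; nothing is re-interpreted by the shell.
    if ! "${CMD[@]}"; then
        echo "Error: iptables command failed; nothing was saved or logged." >&2
        exit 1
    fi

    # Persist the live rule set. A failed save is reported rather than hidden,
    # because the running firewall and the saved rules would then disagree.
    save_failed=0
    iptables-save > /etc/iptables/rules.v4 || save_failed=1
    ip6tables-save > /etc/iptables/rules.v6 || save_failed=1

    # Log the applied command in the same one-line form as before.
    printf '%s\n' "${CMD[*]}" >> /root/changeiptables-DONOTTOUCH.sh

    if [ "$save_failed" -ne 0 ]; then
        echo "Error: Rule applied, but saving the persistent rule files failed." >&2
        exit 1
    fi
    echo "Success: $MESSAGE."
fi

# Validation errors and 'cancel' keep the original exit status of 0.
exit 0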
